This disclosure relates generally to the field of transaction auditing.
Transactions performed within an organization, including but not limited to financial transactions such as purchasing or expense reimbursement, or transactions in military applications, may be vulnerable to fraud. Separation of Duties (SoD) is a technique that may reduce the risk of fraud in such transactions by requiring certain steps in the transaction process to be performed by different individuals or roles. A SoD policy may break sensitive transactions into a series of steps, and assign access rights to the steps in such a manner that a single person or party is not permitted to perform all of the steps. For example, in an expense reimbursement process, the steps of expense submission, approval and payment may each be performed by different individuals, lessening the likelihood of fraud by not allowing a single person to make a reimbursement payment on their own.
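The following sketch is an added example and not part of the disclosure: it checks a transaction log against the expense reimbursement policy described above. The log layout, the sample records, and the name `audit_sod` are assumptions made for illustration.

```python
from collections import defaultdict

# Steps named above for expense reimbursement, in process order; the
# policy requires each to be performed by a different individual.
REQUIRED_STEPS = ("submission", "approval", "payment")

# Constructed sample log: (transaction id, step, actor). Not real data.
SAMPLE_LOG = [
    ("EXP-1", "submission", "alice"),
    ("EXP-1", "approval", "bob"),
    ("EXP-1", "payment", "carol"),
    ("EXP-2", "submission", "dave"),
    ("EXP-2", "approval", "dave"),    # same person submits and approves
    ("EXP-2", "payment", "erin"),
    ("EXP-3", "submission", "frank"),
    ("EXP-3", "payment", "grace"),    # paid without an approval step
    ("EXP-4", "submission", "heidi"),
    ("EXP-4", "approval", "ivan"),
    ("EXP-4", "approval", "heidi"),   # second approval by the submitter
    ("EXP-4", "payment", "judy"),
]

def audit_sod(log, required_steps=REQUIRED_STEPS):
    """Return {transaction_id: [finding, ...]} for transactions that break SoD."""
    actors = defaultdict(lambda: defaultdict(set))  # txn -> step -> {actors}
    for txn, step, actor in log:
        actors[txn][step].add(actor)

    findings = {}
    for txn, by_step in actors.items():
        issues = []
        # A step is "skipped" only if a later step was already performed,
        # so transactions still in progress are not flagged.
        present = [bool(by_step.get(s)) for s in required_steps]
        for i, step in enumerate(required_steps):
            if not present[i] and any(present[i + 1:]):
                issues.append(f"skipped step: {step}")
        # An actor appearing in more than one required step is a conflict,
        # even when another person also performed that step.
        steps_by_actor = defaultdict(list)
        for step in required_steps:
            for actor in by_step.get(step, ()):
                steps_by_actor[actor].append(step)
        for actor, steps in sorted(steps_by_actor.items()):
            if len(steps) > 1:
                issues.append(f"{actor} performed {' and '.join(steps)}")
        if issues:
            findings[txn] = issues
    return findings
```

Calling `audit_sod(SAMPLE_LOG)` flags EXP-2, EXP-3 and EXP-4 and leaves EXP-1 unflagged.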
Compliance with SoD policies may be a key focus of a financial audit of an organization. Auditing may be automated; a system such as Continuous Auditing (CA) may grant an auditor direct and continuous access to transactional information. However, unfiltered access to transactional information for auditing purposes may present a violation of both customer and employee privacy.